4-page Case Study - Posted 1/14/2008
Views: 862
Rate This Evidence:
Network Access Protection Helps Art Museum Share Information More Securely
The Rijksmuseum Amsterdam is a museum in the Netherlands that showcases Dutch art from the Middle Ages to the twentieth century. The museum has a long history of making art accessible to the public, and the tradition of accessibility also extends to its technology environment. Visiting colleagues and students can connect to the network using the museum’s workstations or their own mobile devices. However, although workstations were tightly managed, the museum could not guarantee the health of visitors’ client devices. To improve security, the Rijksmuseum is implementing Windows Server® 2008 with Network Access Protection. As a result, the museum can automatically enforce security policies for client devices before they connect to the network. The museum’s resources will be more secure, and it can move forward with new projects for sharing its art and information.
Situation
 |
One of our goals is to give information to others, so we have to open our resources as much as we can. Windows Server 2008 will help us achieve that goal more securely.  |
|
|
Paul van Kooten
Network Manager
Rijksmuseum Amsterdam |
|
|
The Rijksmuseum Amsterdam, a museum in the Netherlands, is home to a renowned art collection that includes Rembrandt’s Night Watch. Since 1800, the museum has been dedicated to preserving Dutch art and improving accessibility for visitors. In keeping with its mission, the museum began a major renovation in 2003 that features a more open building design. When the renovation is complete, visitors will find the museum easier to navigate and its collection more effectively presented.
The Rijksmuseum also wanted to increase access to its technology resources. However, it faced the challenge of keeping its network open to visiting scholars and its own staff of 400 employees while maintaining an adequate level of security. Although the museum reserved six workstations for guest users, most visitors brought their own devices and used them to connect to the Internet or museum resources.
“This is not like a typical corporate environment,” says Paul van Kooten, Network Manager at the Rijksmuseum. “Many visitors do not work in museums; they are traveling around the world and may not be part of a bigger organization. They use all kinds of devices, and I can’t tell in advance how secure they are. In fact, I have to assume they are not secure.”
The museum’s IT team was too small to inspect each visitor’s device before it connected to the network. Instead, the museum relied on its Symantec AntiVirus solution to detect spyware and other threats. This process increased network vulnerability because administrators could not remove potential threats until after a network connection was established. It also increased the administrative workload because IT staff had to actively review the museum’s 300 workstations to locate compromised systems.
The Rijksmuseum wanted to balance its desire to provide liberal network access with the need for enhanced security. The museum looked for an easily managed solution that would both improve security and provide a foundation for enhancing services offered to visitors.
Solution
The Rijksmuseum began investigating solutions for protecting network access in the spring of 2007. When van Kooten and his team read documentation for the Windows Server® 2008 Enterprise operating system, they decided to become an early adopter. The team thought the Network Access Protection (NAP) capability built in to Windows Server 2008 would reduce exposure to attack and help the museum enforce compliance more efficiently. In addition, the solution would deliver advanced support for future Web-publishing solutions.
|
Implementing Windows Server 2008 with Network Access Protection will improve my peace of mind. I will be more confident that only managed clients can get access to corporate network resources. |
|
|
Paul van Kooten
Network Manager
Rijksmuseum Amsterdam |
|
|
The museum began implementing its new server software in October 2007 with help from BRAIN FORCE Netherlands, a Microsoft® Gold Certified Partner. BRAIN FORCE Netherlands is part of BRAIN FORCE Holding, an IT services provider based in Vienna, Austria, that has offices in seven European countries. BRAIN FORCE Netherlands provides solutions for infrastructure optimization and application management, including enterprise services, infrastructure solutions, repackaging, and security. The Rijksmuseum had worked with the services provider for five years on other projects, and knew BRAIN FORCE Netherlands had the skills it needed to successfully deploy the new solution.
The Rijksmuseum has 25 server computers running the Windows Server 2003 R2 Enterprise Edition operating system and 300 workstations running the Windows® XP with Service Pack 2 operating system. The deployment team installed Windows Server 2008 Enterprise on one computer as a NAP server with 802.1X network access enforcement, and it implemented the Network Access Protection client for Windows XP on several test workstations. The team is satisfied with the deployment, and it is waiting for the availability of Windows XP Service Pack 3 and a Dutch language interface before implementing the solution on production workstations. The Rijksmuseum expects to complete deployment by early 2008.
The museum’s technology environment includes Microsoft Exchange Server 2007 Enterprise Edition, Microsoft SQL Server® 2000 Enterprise Edition database software, and Windows SharePoint® Services. The Rijksmuseum also plans to replace its Symantec solution with Microsoft Forefront™ Client Security, part of the Microsoft Forefront line of business security products. The migrations are part of a larger project designed to streamline the museum’s IT environment.
“I really want to standardize on as few software vendors as possible,” says van Kooten. “By standardizing on Microsoft technologies, we expect to build an IT infrastructure that is both easier to manage and also more flexible.”
Server consolidation is also part of this strategy, and van Kooten looks forward to taking advantage of Windows Server 2008 Hyper-V™, the new server software’s built-in virtualization technology. “The number of servers I manage is growing, and if I don’t want to install new solutions on separate machines, then virtualization with Windows Server 2008 is the next step,” he explains.
Benefits
The Rijksmuseum Amsterdam is taking advantage of Windows Server 2008 to deliver information more securely. Administration will be easier, and the museum can make more resources available to colleagues and the public.
|
Without Windows Server 2008, I have to put in a lot of work to see if my workstations are maintaining the right level of security. This takes the work out of my hands, and that’s a great feeling. |
|
|
Paul van Kooten
Network Manager
Rijksmuseum Amsterdam |
|
|
Strengthens Security
By deploying Windows Server 2008, the Rijksmuseum will have more control over its security and IT environment. The museum can enforce its security policies and ensure the health of visitors’ mobile devices without restricting access or increasing administrative overhead. Deploying Forefront Client Security will provide an added layer of protection by improving the security of managed devices after they connect to the network.
“It should always be possible to connect,” says van Kooten, “and I don’t want to have to worry about it. Implementing Windows Server 2008 with Network Access Protection will improve my peace of mind. I will be more confident that only managed clients can get access to corporate network resources.”
Improves Management and Flexibility
The security solution will be easier to manage and administrators can spend less time monitoring the health of workstations. The museum can also define security policies that include both employees’ computers and the variety of devices used by visitors. As a result, the museum will have a more flexible IT environment that is both more secure and easier to manage. “The solution does it for us,” says van Kooten. “Without Windows Server 2008, I have to put in a lot of work to see if my workstations are maintaining the right level of security. This takes the work out of my hands, and that’s a great feeling.”
Implementing Forefront Client Security will also improve management, says van Kooten. “Forefront Client Security will be so much easier to deploy and maintain because it will be part of the standard Microsoft infrastructure.”
Enables Growth
The Rijksmuseum now has a foundation in place for continuing to build the services it offers to museum colleagues and the public. These services include making information as well as art easily accessible to more people. For example, the museum plans to eventually open network resources to all museum visitors with mobile devices. Visitors will be able to select a profile indicating their level of expertise, and relevant information on individual works of art will automatically download as they move through the museum.
“A mission of the museum, in addition to preservation and conservation, is the exhibition of what we have,” says van Kooten. “One of our goals is to give information to others, so we have to open our resources as much as we can. Windows Server 2008 will help us achieve that goal more securely.”
For More Information
For more information about Microsoft products and services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Information Centre at (877) 568-2495. Customers who are deaf or hard-of-hearing can reach Microsoft text telephone (TTY/TDD) services at (800) 892-5234 in the United States or (905) 568-9641 in Canada. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information using the World Wide Web, go to:
www.microsoft.com
For more information about BRAIN FORCE Netherlands products and services, call (31) 318 560360 or visit the Web site at:
www.brainforce.nl
For more information about the Rijksmuseum Amsterdam, call (31) 20 6747000 or visit the Web site at:
www.rijksmuseum.nl
Windows Server 2008
Windows Server 2008, with built-in Web and virtualization technologies, enables you to increase the reliability and flexibility of your server infrastructure. New virtualization tools, Web resources, and security enhancements help you save time, reduce costs, and provide a platform for a dynamic and optimized datacenter. Powerful new tools like IIS 7.0, Server Manager, and Windows PowerShell™, allow you to have more control over your servers and streamline Web, configuration, and management tasks. Advanced security and reliability enhancements like Network Access Protection and the Read-Only Domain Controller option for Active Directory Domain Services harden the operating system and help protect your server environment to ensure you have a solid foundation on which to build your business.
For more information, go to:
www.microsoft.com/windowsserver2008
This case study is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
Document published January 2008
